Around the world, regulators are continuing to step up their efforts to protect data privacy rights. National governments and multinational entities like the European Union are passing a growing number of laws that resemble Europe’s General Data Protection Regulation (GDPR), a framework detailing how individuals’ personal information must be handled when it’s held by organizations. The GDPR stipulates that all personal data belonging to EU citizens must be collected, processed, stored, and transferred in a secure manner, and it states that fines and penalties can be imposed upon businesses that violate its precepts. This includes organizations outside the EU, assuming that they serve European customers.
And the GDPR is just the tip of the iceberg. From the California Consumer Privacy Act (CCPA) to the Colorado Privacy Act (CPA) and the Virginia Consumer Data Protection Act (VCDPA), more and more state laws are being passed within the US, outlining what businesses can and cannot do with their customers’ data. At the federal level, President Biden recently signed an executive order implementing a new framework to protect the privacy of personal data shared between American and European entities.
Many of these emerging regulations carry the threat of significant fines for noncompliance. What’s more, today’s consumers increasingly expect that brands will handle their personal information in ways that are ethical and transparent. Failing to do so can ultimately harm your organization’s reputation, and repairing this sort of damage isn’t easy.
For stakeholders in organizational risk management, data protection, and privacy, the question is: How can we implement safeguards to mitigate these risks cost-efficiently and effectively?
Fortunately, Microsoft Purview is here to help.
Described by Microsoft as a set of “comprehensive unified data governance solutions,” Purview is best understood not as a single tool or product, but as a full-featured solution suite encompassing multiple risk, compliance, and data protection capabilities within a product family designed to safeguard data wherever it is stored.
The various tools within Microsoft Purview were developed individually over time, and then brought together to enhance visibility, interoperability, and ease of use. This is good news for the Chief Privacy Officer (CPO), Chief Data Officer (CDO) or risk management leader looking to simplify operations and better integrate capabilities. In fact, it’s good news for anyone concerned about data risks or compliance, and who wants solutions that work together seamlessly.
Purview’s capabilities are included with many enterprise-grade Microsoft licensing agreements, and there’s no need to deploy agents on endpoints, since the needed capabilities are built right into the operating system. This means that unlike combinations of point solutions, running Purview won’t impact devices’ startup times or performance, which makes for less friction for end users.
In some ways, Purview’s emergence mirrors recent developments that we’ve seen in the cybersecurity market, where stakeholders have seen tool sprawl grow increasingly common and severe. As tool sprawl advances, operational efficiency is reduced. More security analysts are needed to work with all of the organization’s tools, and more training is required to help these people master complex solution sets. Costs mount, along with frustration. Finally, a point is reached where consolidation and simplification become nearly everyone’s goals.
Microsoft Purview’s capabilities are truly comprehensive. Spanning use cases ranging from data mapping and data lifecycle management to data labeling, encryption, data loss prevention (DLP) and endpoint DLP, the solutions in this product family can help stakeholders understand where their data is and protect it while improving the organization’s compliance posture.
Purview’s data labeling capabilities are particularly useful for organizations that want to classify and protect their data, since the sensitivity labels created in Purview can travel with the data—across the entire Microsoft Purview data map, along with SharePoint, Teams, PowerBI, and storage such as the Azure Data Lake and Azure Files. Microsoft Purview Data Loss Prevention provides a single location for policy management, making it possible to create, manage, and enforce DLP policies across the entire Microsoft ecosystem from just one portal. Purview DLP’s dynamic controls, context-aware risk detection, and automated mitigation capabilities can be seamlessly extended to the endpoint to protect data from end to end. Plus, automated data discovery, sensitive data categorization, and end-to-end data lineage capabilities make it easier to create and maintain an accurate map of your entire data landscape.
As organizations’ data protection and compliance programs mature, they’ll need to think carefully about how to build and implement a data governance plan. This is necessarily a strategic initiative, and it’s not something that implementing Purview –on its own—can help you with. Purview can certainly provide a powerful toolset to enforce your policies, but the policies themselves must be written on the basis of your unique business objectives, industry requirements, and risk tolerance.
Engaging with a virtual Chief Information Security Officer (vCISO) can help you create policies, while an expert partner like Netrix can guide you in implementing technologies that align with those policies. We can also assist in testing and tuning those tools to keep them running optimally.
Another thing that’s challenging for many of our customers is understanding and responding to the events that compliance tools like Microsoft Purview generate. This is analogous to a common challenge in security operations (it’s hard to find and retain talent), but things may be even more difficult when it comes to data protection and compliance because it’s not always clear which department or functions within the organization should hold primary responsibilities in this area.
Since many organizations need help in this area, there’s a growing need in the market for compliance event management services. These could work like a managed security operations center (SOC), but specifically focused on compliance events. Such services would provide technical expertise and coverage, but also reporting capabilities, to ensure that business leaders will have a clear and meaningful picture of their organization’s data security and compliance posture.
Microsoft Purview may be a relatively new product family, but the tools and capabilities within it have evolved over the course of many years, and here at Netrix, we’ve been working with them the entire time. We help our customers make the most of their existing Microsoft licenses, select the add-ons that will provide the greatest value for their individual businesses, and maximize the value of their data while minimizing risks.
Want to know what that would look like for your organization? Contact us today.